Current Status
State: Completed - non-applicable to editable Every Code code-rs.
Next action: None.
Blocked by: None.
Waiting for: Future exec-server/fs-helper import work, if Every Code later adopts that architecture.
Last verified: 2026-05-30.
Evidence: OpenAI commits 451b386 and a717e4e modify codex-rs/exec-server/src/fs_sandbox.rs, adding kill_on_drop(true) to the dedicated sandbox filesystem helper child and preserving macOS __CF_USER_TEXT_ENCODING in that helper's narrow allowlist. Editable code-rs has no exec-server crate, FileSystemSandboxRunner, CODEX_FS_HELPER_ARG1 / --codex-run-as-fs-helper dispatch, fs_sandbox module, or fs/readFile/fs/writeFile app-server handlers. Existing code-rs spawn paths already use kill_on_drop(true) for generic command/agent/MCP child processes, and MCP/RMCP env allowlists already preserve __CF_USER_TEXT_ENCODING.
Validation: ./build-fast.sh passed from /Users/cbusillo/Developer/code-exec-fs-helper-lifecycle on 2026-05-30.
Finish Line
Every Code either ports the applicable filesystem-helper lifecycle hardening or records why the OpenAI exec-server helper path does not apply.
Acceptance Criteria
Notes
The upstream patch is intentionally small, but Every Code may not have a one-to-one editable exec-server crate. Treat this as a lifecycle audit first and a port second.
Current Status
State: Completed - non-applicable to editable Every Code code-rs.
Next action: None.
Blocked by: None.
Waiting for: Future exec-server/fs-helper import work, if Every Code later adopts that architecture.
Last verified: 2026-05-30.
Evidence: OpenAI commits 451b386 and a717e4e modify codex-rs/exec-server/src/fs_sandbox.rs, adding kill_on_drop(true) to the dedicated sandbox filesystem helper child and preserving macOS __CF_USER_TEXT_ENCODING in that helper's narrow allowlist. Editable code-rs has no exec-server crate, FileSystemSandboxRunner, CODEX_FS_HELPER_ARG1 / --codex-run-as-fs-helper dispatch, fs_sandbox module, or fs/readFile/fs/writeFile app-server handlers. Existing code-rs spawn paths already use kill_on_drop(true) for generic command/agent/MCP child processes, and MCP/RMCP env allowlists already preserve __CF_USER_TEXT_ENCODING.
Validation: ./build-fast.sh passed from /Users/cbusillo/Developer/code-exec-fs-helper-lifecycle on 2026-05-30.
Finish Line
Every Code either ports the applicable filesystem-helper lifecycle hardening or records why the OpenAI exec-server helper path does not apply.
Acceptance Criteria
451b386442anda717e4ef31and identify whethercode-rshas an equivalent helper-spawn path.__CF_USER_TEXT_ENCODINGin the narrow helper environment allowlist../build-fast.sh.Notes
The upstream patch is intentionally small, but Every Code may not have a one-to-one editable
exec-servercrate. Treat this as a lifecycle audit first and a port second.